Cybercrime-friendly VPN service provider pitches itself as being ‘recommended by Edward Snowden’

We’ve recently spotted a multi-hop Russian cybercrime-friendly VPN service provider — ad featured not syndicated at a well known cybercrime-friendly community — that is relying on fake celebrity endorsement on its way to attract new customers, in this particular case, it’s pitching itself as being recommended by ex-NSA contractor Edward Snowden. How have anonymization tactics evolved over the last couple of years? Have the bad guys been ‘innovating’ on their way to cover the malicious/fraudulent online activity orchestrated by them? Let’d discuss some of the current trends in this ever-green market segment within the cybercrime ecosystem.

Throughout 2013, we continued to observe a decent supply of “hacked-PCs-as-a-service“, with some of the market-leading/well known/reputable vendors, still in operation. Moreover, thanks to the general availability of Socks4/Socks5 converted anonymization hosts, we also continue to observe a decent supply of CAPTCHA-based proxy-supporting DIY automatic account registration/brute-forcing tools, Denial of Service (Dos) attack tools relying on hacked/compromised PCs, as well as the now de-factor standard for the cybercrime ecosystem, use of APIs for the purpose of supplying fellow cybercriminals with access to fresh IPs with clean IP reputation.

We expect to continue observing a mix between a purely malicious infrastructure, in combination with legitimate logs-free infrastructure, for the purpose of anonymizing a cybercriminals online activities, successfully bypassing current data retention regulations in place.